{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49260", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.296Z", "datePublished": "2025-02-26T01:56:12.548Z", "dateUpdated": "2025-05-04T08:33:34.942Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:33:34.942Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - fix the aead software fallback for engine\n\nDue to the subreq pointer misuse the private context memory. The aead\nsoft crypto occasionally casues the OS panic as setting the 64K page.\nHere is fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/hisilicon/sec2/sec_crypto.c"], "versions": [{"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c", "lessThan": "40dba7c26e897c637e91312b35f664f1d4d0073c", "status": "affected", "versionType": "git"}, {"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c", "lessThan": "ef7b10f3cac7810ddcfd976304fd125aca33d144", "status": "affected", "versionType": "git"}, {"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c", "lessThan": "5c1149e2abe0b7489300736b8277b45b113de67f", "status": "affected", "versionType": "git"}, {"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c", "lessThan": "0a2a464f863187f97e96ebc6384c052cafd4a54c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/hisilicon/sec2/sec_crypto.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.16.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.17.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/40dba7c26e897c637e91312b35f664f1d4d0073c"}, {"url": "https://git.kernel.org/stable/c/ef7b10f3cac7810ddcfd976304fd125aca33d144"}, {"url": "https://git.kernel.org/stable/c/5c1149e2abe0b7489300736b8277b45b113de67f"}, {"url": "https://git.kernel.org/stable/c/0a2a464f863187f97e96ebc6384c052cafd4a54c"}], "title": "crypto: hisilicon/sec - fix the aead software fallback for engine", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - fix the aead software fallback for engine\n\nDue to the subreq pointer misuse the private context memory. The aead\nsoft crypto occasionally casues the OS panic as setting the 64K page.\nHere is fix it."}], "id": "CVE-2022-49260", "lastModified": "2025-02-26T07:01:02.967", "metrics": {}, "published": "2025-02-26T07:01:02.967", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0a2a464f863187f97e96ebc6384c052cafd4a54c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40dba7c26e897c637e91312b35f664f1d4d0073c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5c1149e2abe0b7489300736b8277b45b113de67f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ef7b10f3cac7810ddcfd976304fd125aca33d144"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: crypto: hisilicon/sec - fix the aead software fallback for engine", "id": "2347928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347928"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: hisilicon/sec - fix the aead software fallback for engine\nDue to the subreq pointer misuse the private context memory. The aead\nsoft crypto occasionally casues the OS panic as setting the 64K page.\nHere is fix it."], "name": "CVE-2022-49260", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49260\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49260\nhttps://lore.kernel.org/linux-cve-announce/2025022628-CVE-2022-49260-a4a5@gregkh/T"], "threat_severity": "Moderate"}